Windows with XAMPP

For production use, it is convenient to run the Apache Tomcat servlet container behind an Apache HTTP server acting as a proxy. The proxy is set up so that it only offers SSL-secured connections, so no certificates have to be stored and managed for Tomcat.

In the following, we describe how to set up an Apache HTTP server as a proxy for the Tomcat servlet container on a Windows server. For this purpose the installation package XAMPP is used, which includes an Apache HTTP server, a PHP installation, a MySQL database server as well as a Tomcat.

Warning

This guide is not intended to secure your server so that it is publicly accessible over the Internet. This requires security measures which cannot be covered here.

Preparation

Permissions

You must have the following permissions on your server:

  • You must be allowed to install software.

  • You must have permission to create services.

Hardware and Software

First, you must make sure that the installation environment meets all the necessary requirements:

  1. You must be logged in with administrator privileges.

  2. Check that the hard disk where programs are normally installed (usually C:\Programs) has at least 1500 MByte of free space.

  3. Install Java on the computer if you don't already have it there. You must be using Java 11. You can download it from the AdoptOpenJDK server.

  4. There should be no other software running that provides services on port 80, like IIS, Skype or any other web server. There should be no other Tomcat running on the server. If there is, you will need to install Allegra manually.

  5. Make sure that ports 80 and 443 are open on your server for incoming traffic.

  6. Make sure that your machine is reachable from the Internet under its IP. Without that you will not be able to create an SSL certificate.

Download the XAMPP-Installer

You can download the XAMPP installer for free from the XAMPP download page.

Run XAMPP installer

Right-click on the installer and select “Run as administrator” from the context menu. You have to do this even if you already have administrator privileges, no joke!

Do not install the package under C:\Programs, but e.g. under C:\xampp to avoid problems with missing write permissions later.

After successful installation start the Apache webserver and check under http://localhost:80 if a XAMPP information page comes up.

Configure Apache Web Server

In order to run the Apache web server as a proxy, you need to make some changes to the configuration. The files you have to change are:

  • conf/httpd.conf

  • conf/extra/httpd-vhosts.conf

  • conf/httpd-ssl.conf

Changes in httpd.conf

Define SRVROOT "C:/xampp/apache"

# Your hostname here
Define HOSTNAME ssl.allegra-software.com
...
ServerRoot "${SRVROOT}"
...

Listen 80
...
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
# Needed for the ws:// rewrite rule in httpd-vhosts.conf
LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so
LoadModule rewrite_module modules/mod_rewrite.so
...
ServerName localhost:80

Changes in httpd-vhosts.conf

<VirtualHost *:80>
   ServerAdmin webmaster@${HOSTNAME}
   DocumentRoot "C:/xampp/htdocs/${HOSTNAME}"
   ServerName ${HOSTNAME}
   ErrorLog "logs/${HOSTNAME}-error.log"
   CustomLog "logs/${HOSTNAME}-access.log" common

   RewriteEngine On
   RewriteCond %{HTTPS} off
   RewriteCond %{REQUEST_URI}  !^/\.well\-known
   RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</VirtualHost>


<VirtualHost *:443>
   ServerAdmin webmaster@${HOSTNAME}
   DocumentRoot "C:/xampp/htdocs/${HOSTNAME}"
   ServerName ${HOSTNAME}
   ErrorLog "logs/${HOSTNAME}-error.log"
   CustomLog "logs/${HOSTNAME}-access.log" common
   TransferLog "C:/xampp/apache/logs/access-ssl.log"

   ProxyPreserveHost On
   RewriteEngine On

   #SSL Engine Switch:
   #Enable/Disable SSL for this virtual host.
   SSLEngine on

   #Server Certificate:
   SSLCertificateFile "conf/ssl.crt/${HOSTNAME}-crt.pem"

   #Server Private Key:
   SSLCertificateKeyFile "conf/ssl.crt/${HOSTNAME}-key.pem"

   #Server Certificate Chain:
   SSLCertificateChainFile "conf/ssl.crt/${HOSTNAME}-chain.pem"

   #Certificate Authority (CA):
   SSLCACertificatePath "${SRVROOT}/conf/ssl.crt"

   #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
   <FilesMatch "\.(cgi|shtml|phtml|php)$">
      SSLOptions +StdEnvVars
   </FilesMatch>
   <Directory "C:/xampp/apache/cgi-bin">
      SSLOptions +StdEnvVars
   </Directory>

   #SSL Protocol Adjustments:
   BrowserMatch "MSIE [2-5]" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0

   #Tomcat specific reverse proxy
   RewriteCond %{HTTP:Upgrade} =websocket [NC]
   RewriteRule /allegra/(.*)   ws://127.0.0.1:8080/allegra/$1 [P,L]

   RewriteCond %{HTTP:Upgrade} !=websocket [NC]
   RewriteRule /allegra/(.*)   http://127.0.0.1:8080/allegra/$1 [P,L]
   ProxyPassReverse /allegra/ https://${HOSTNAME}/allegra/
</VirtualHost>

Changes in httpd-ssl.conf

<VirtualHost _default_:443>

# General setup for the virtual host
DocumentRoot "C:/xampp/htdocs/${HOSTNAME}"
ServerName ${HOSTNAME}:443
ServerAdmin admin@example.com
ErrorLog "C:/xampp/apache/logs/error-ssl.log"
TransferLog "C:/xampp/apache/logs/access-ssl.log"

SSLCertificateFile "conf/ssl.crt/${HOSTNAME}-crt.pem"
SSLCertificateKeyFile "conf/ssl.crt/${HOSTNAME}-key.pem"
SSLCertificateChainFile "conf/ssl.crt/${HOSTNAME}-chain.pem"

SSLCACertificatePath "conf/ssl.crt"
...
</VirtualHost>

Create and install SSL certificates

To make the process of creating and installing SSL certificates easy, we use the software win-acme. After downloading and installing it, we adapt the following CMD script accordingly and then run it.

set HOSTNAME=ssl.allegra-software.com
C:\Users\Administrator\acme\wacs.exe --source manual ^
  --host %HOSTNAME% --webroot "C:\xampp\htdocs\%HOSTNAME%" ^
  --validation filesystem --store pemfiles ^
  --pemfilespath C:\xampp\apache\conf\ssl.crt

After that, restart Tomcat and the Apache web server and you should be able to reach your Allegra at https://%HOSTNAME%/allegra.
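
Because SSL terminates at Apache and Tomcat keeps speaking plain HTTP on port 8080, it is worth confirming after the restart that only Apache is exposed. The PowerShell below is an added example, not part of the original guide; the function names are hypothetical, and it assumes Apache runs as the process httpd and Tomcat uses port 8080 as in the rewrite rules above.

```powershell
# Added example: classify listeners for the layout in this guide
# (Apache httpd on 80/443, Tomcat on 8080 for the proxy only).
function Test-ProxyListeners {
    param([Parameter(Mandatory)] [AllowEmptyCollection()] [object[]] $Listeners)
    $loopback = '127.0.0.1', '::1'
    foreach ($port in 80, 443, 8080) {
        $onPort = @($Listeners | Where-Object { $_.LocalPort -eq $port })
        if ($onPort.Count -eq 0) {
            [pscustomobject]@{ Port = $port; Status = 'WARN'; Detail = 'nothing is listening' }
            continue
        }
        foreach ($l in $onPort) {
            $detail = 'ok'
            if ($port -ne 8080 -and $l.ProcessName -ne 'httpd') {
                # Another server (IIS, Skype, ...) owns the port Apache needs.
                $detail = "held by '$($l.ProcessName)', not Apache (httpd)"
            } elseif ($port -eq 8080 -and $l.LocalAddress -notin $loopback) {
                # Clients could talk to Tomcat directly over plain HTTP.
                $detail = "bound to $($l.LocalAddress): reachable without the SSL proxy"
            }
            $status = if ($detail -eq 'ok') { 'OK' } else { 'FAIL' }
            [pscustomobject]@{ Port = $port; Status = $status; Detail = $detail }
        }
    }
}

# Reads the live listening sockets (run in an elevated PowerShell).
function Get-LiveListeners {
    Get-NetTCPConnection -State Listen -LocalPort 80, 443, 8080 -ErrorAction SilentlyContinue |
        ForEach-Object {
            [pscustomobject]@{
                LocalAddress = $_.LocalAddress
                LocalPort    = $_.LocalPort
                ProcessName  = (Get-Process -Id $_.OwningProcess).ProcessName
            }
        }
}

# Constructed sample: Tomcat connector bound to all interfaces.
$sample = @(
    [pscustomobject]@{ LocalAddress = '0.0.0.0'; LocalPort = 80;   ProcessName = 'httpd' }
    [pscustomobject]@{ LocalAddress = '0.0.0.0'; LocalPort = 443;  ProcessName = 'httpd' }
    [pscustomobject]@{ LocalAddress = '::';      LocalPort = 8080; ProcessName = 'java' }
)
Test-ProxyListeners -Listeners $sample | Format-Table -AutoSize

# On the server itself:
# Test-ProxyListeners -Listeners @(Get-LiveListeners) | Format-Table -AutoSize
```

If port 8080 is reported as FAIL, set address="127.0.0.1" on the HTTP Connector in Tomcat's server.xml or block inbound traffic to port 8080 in the Windows firewall, so that the only path to Allegra is through the proxy.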